
Workday New Certificate

Question asked by JacquesGentile7181 on Mar 26, 2018
Latest reply on May 2, 2018 by 68675834

On 3/23, Workday changed their server certificates. For some Workday customers, the new cert's trust chain reaches back to a root cert that is untrusted in (missing from) the Boomi Atom Cloud and some private Atoms.

Here is what the error looks like:


Below are the steps to fix this problem on private Atoms.

  • Log on to your customer's Workday instance, or at least get to the login page.
  • Click the padlock icon in your browser to inspect certificate details.
  • Discover the root certificate; example circled in green below; your root cert may be different but it will be from DigiCert.
  • Go to Atom Management | Certificates | Certificate Authority.  Verify that the root cert is in fact missing from your private Atom:
  • Go to the DigiCert website and download the root cert you just identified. https://www.digicert.com/digicert-root-certificates.htm#roots
  • Save the cert somewhere convenient--you will be typing the path to that cert later on.
  • RDP to the private Atom box.
  • On the private Atom box, open this file: <Atom Install Folder>\.install4j\pref_jre.cfg. If not present, open inst_jre.cfg instead.  This file tells you what JRE the Atom is using.
  • Navigate to that JRE path, and get into the folder lib\security; make sure you see the file called "cacerts".
  • Run a command prompt as administrator. Navigate to the JRE path, get into the "bin" folder.
  • Execute this command, replacing <paths...> with the paths you have just verified in steps above. Also choose a reasonable alias in place of <your alias> 
    keytool -import -alias <your alias> -file "<path to new downloaded certificate including filename>" -keystore "<path to cacerts including filename>" -storepass changeit
  • Answer "y" when prompted if you want to import the certificate.
  • Restart the Atom.
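
The import steps above as one PowerShell script, with a fingerprint check and a cacerts backup before the trust store is changed. This is an added example, not part of the original post; the install folder, certificate path, alias and expected fingerprint are placeholders, and it assumes the first line of pref_jre.cfg is the JRE path.

```powershell
# Added example. All parameter defaults are hypothetical placeholders.
param(
    [string]$AtomHome       = 'C:\Boomi AtomSphere\Atom - Example',
    [string]$CertFile       = 'C:\Temp\digicert-root.crt',
    [string]$Alias          = 'digicert-root-workday',
    [string]$ExpectedSha256 = '<SHA-256 fingerprint obtained from the CA>'
)
$ErrorActionPreference = 'Stop'

# Locate the JRE the Atom uses: pref_jre.cfg, falling back to inst_jre.cfg.
$cfg = Join-Path $AtomHome '.install4j\pref_jre.cfg'
if (-not (Test-Path $cfg)) { $cfg = Join-Path $AtomHome '.install4j\inst_jre.cfg' }
$jre     = (Get-Content $cfg -TotalCount 1).Trim()   # assumption: line 1 is the JRE path
$keytool = Join-Path $jre 'bin\keytool.exe'
$cacerts = Join-Path $jre 'lib\security\cacerts'
if (-not (Test-Path $cacerts)) { throw "cacerts not found under $jre" }

# Check the downloaded file before trusting it: a root is self-signed, and its
# SHA-256 fingerprint must equal the value obtained from the CA.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
if ($cert.Subject -ne $cert.Issuer) { throw "Not a root certificate: $($cert.Subject)" }
$sha    = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$want   = ($ExpectedSha256 -replace '[:\s-]', '').ToUpper()
if ($actual -ne $want) { throw "Fingerprint mismatch: file has $actual" }

# Stop if the alias is already in the keystore (keytool exits non-zero when it is absent).
& $keytool -list -alias $Alias -keystore $cacerts -storepass changeit | Out-Null
if ($LASTEXITCODE -eq 0) { throw "Alias '$Alias' already exists in $cacerts" }

# Keep a copy of the trust store so the change can be rolled back.
$backup = "$cacerts.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item $cacerts $backup

# Same import as in the post; -noprompt because the fingerprint was checked above.
& $keytool -import -noprompt -alias $Alias -file $CertFile -keystore $cacerts -storepass changeit
if ($LASTEXITCODE -ne 0) { Copy-Item $backup $cacerts -Force; throw 'keytool import failed' }

# Show the new entry, then restart the Atom so it reloads cacerts.
& $keytool -list -v -alias $Alias -keystore $cacerts -storepass changeit
```

Run it from an elevated PowerShell session on the private Atom box, then restart the Atom.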
